Lucene search

[email protected]NVD:CVE-2007-3572

HistoryJul 05, 2007 - 8:30 p.m.

CVE-2007-3572

2007-07-0520:30:00

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.046

Percentile

92.7%

JSON

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded “`” (backtick) characters (%60 sequences).

Affected configurations

Nvd

Node

yoggiepico

yoggiepico_pro

VendorProductVersionCPE
yoggiepico*cpe:2.3:a:yoggie:pico:*:*:*:*:*:*:*:*
yoggiepico_pro*cpe:2.3:a:yoggie:pico_pro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yoggie	pico	*	cpe:2.3:a:yoggie:pico::::::::
yoggie	pico_pro	*	cpe:2.3:a:yoggie:pico_pro::::::::

References

archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html

archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html

osvdb.org/37808

secunia.com/advisories/25902

www.securityfocus.com/bid/24743

www.vupen.com/english/advisories/2007/2417

exchange.xforce.ibmcloud.com/vulnerabilities/35208

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.046

Percentile

92.7%

JSON

Related for NVD:CVE-2007-3572

cve1 prion1 exploitdb1 cvelist1